Authorization header is not encrypted over HTTPS


Question

I am currently consuming a REST API which uses HTTP Basic Authentication.

Based on the below picture, isn't the Authorization header supposed to be encrypted once I am using an Angular app over an HTTPS connection?

Recommended answer

With HTTPS, the HTTP requests/responses are sent over an SSL/TLS connection. It ensures that the entire message (including the headers) is encrypted when it is sent over the wire. If anyone intercepts the message, they won't be able to read the actual content.

However, the headers are still visible to both client and server. That's why Chrome DevTools and other debugging tools will show the values as plain text.
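As an added illustration (not part of the original question or answer): the Basic `Authorization` value an endpoint sees is only base64 of `user:password` as defined in RFC 7617, so anything that can read the header at the client or server, such as DevTools or a request log, can recover the credentials. The function names and the sample credentials below are constructed for this example; `redactHeaders` is a hypothetical helper for keeping the value out of logs.

```javascript
// Added example; credentials and helper names are constructed, not from the post.
const utf8 = new TextEncoder();
const fromUtf8 = new TextDecoder("utf-8", { fatal: true });

// Build the header value the way a client does (RFC 7617): base64("user:password").
function buildBasicHeader(user, password) {
  if (user.includes(":")) throw new Error("user-id must not contain ':'");
  const bytes = utf8.encode(`${user}:${password}`);
  return "Basic " + btoa(String.fromCharCode(...bytes));
}

// Recover the credentials from the header value, as either endpoint can.
// No key is involved: this is decoding, not decryption.
function parseBasicHeader(value) {
  const m = /^Basic +([A-Za-z0-9+/]+={0,2})$/i.exec(value);
  if (!m) return null; // different scheme or malformed token
  let text;
  try {
    const bin = atob(m[1]);
    text = fromUtf8.decode(Uint8Array.from(bin, (c) => c.charCodeAt(0)));
  } catch {
    return null; // invalid base64 length or invalid UTF-8
  }
  // Only the first colon separates the fields; a password may contain ':'.
  const sep = text.indexOf(":");
  if (sep < 0) return null;
  return { user: text.slice(0, sep), password: text.slice(sep + 1) };
}

// Copy a header map for logging with the credential replaced by a marker.
function redactHeaders(headers) {
  const out = {};
  for (const [name, v] of Object.entries(headers)) {
    out[name] =
      name.toLowerCase() === "authorization" ? v.split(" ")[0] + " [redacted]" : v;
  }
  return out;
}
```

TLS protects this value between the two endpoints only; at the endpoints it is plaintext, which is why it should be redacted before request headers are logged.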
